authorJack Magne <jmagne@dhcp-16-213.sjc.redhat.com>2014-07-21 14:58:27 -0700
committerJack Magne <jmagne@dhcp-16-213.sjc.redhat.com>2014-07-23 14:36:04 -0700
commit22b394a7e33ef3a4d8d5ce234ee855fee6b83672 (patch)
treea230d3d28a368c9e59b189dbb5f5450e9097ef07 /base/common/src/org
parent2a6a458a6d0e2e632c4ce1a4dde70b1768cc813e (diff)
First cut of end to end enrollment feature.
The following features implemented for enrollment. 1. Standard enrollment of a list of RSA certificates. 2. Certificates are only done with token side keygen. 3. Minimal enrollment based pin reset functionality implemented to create a pin for the enrolled token. 4. Much work done to the PKCS11 object code, which allows us to write the compressed object blob to the token, allowing coolkey to access it and use the certs and keys on the token. 5. Tested with Bob Relyea's "smartcard" utility to prove that signing and encryption operations worked as expected. 6. Some work done to get authentication working with esc. 7. Added stub for stand alone Pin Reset processor. 8. CFU review fixes.
Diffstat (limited to 'base/common/src/org')
-rw-r--r--base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java2
-rw-r--r--base/common/src/org/dogtagpki/tps/main/TPSBuffer.java27
-rw-r--r--base/common/src/org/dogtagpki/tps/main/Util.java8
-rw-r--r--base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java13
-rw-r--r--base/common/src/org/dogtagpki/tps/msg/ExtendedLoginResponseMsg.java2
-rw-r--r--base/common/src/org/dogtagpki/tps/msg/LoginResponseMsg.java2
-rw-r--r--base/common/src/org/dogtagpki/tps/msg/TPSMessage.java12
7 files changed, 55 insertions, 11 deletions
diff --git a/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java b/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java
index c37d0d465..ec684230e 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java
@@ -26,6 +26,8 @@ public class CreatePinAPDU extends APDU {
public CreatePinAPDU(byte theP1, byte theP2, TPSBuffer theData) {
+ setCLA((byte) 0x84);
+ setINS((byte) 0x40);
setP1(theP1);
setP2(theP2);
setData(theData);
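Review bot: The two added class/instruction bytes are bare magic numbers; by GlobalPlatform convention `0x84` is the proprietary class byte with the secure-messaging bit set, and `0x40` is presumably the applet's Create PIN instruction, but nothing in the constructor says so. Since this APDU carries the new PIN in `theData`, a reader needs to know it is intended to travel under the secure channel rather than in the clear. I would name them as class constants, `private static final byte CLA_SECURE_MESSAGING = (byte) 0x84;` and `private static final byte INS_CREATE_PIN = (byte) 0x40;`, and pass those to `setCLA`/`setINS`. The constructor's closing brace lies outside the hunk.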
diff --git a/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java b/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
index d522c2ab4..43ff2ea1d 100644
--- a/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
+++ b/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
@@ -54,6 +54,15 @@ public class TPSBuffer {
}
/**
+ * Creates a buffer from only one byte
+ * @param b
+ */
+ public TPSBuffer(byte b) {
+ buf = new byte[1];
+ buf[0] = b;
+ }
+
+ /**
* Creates a Buffer of length 'len', initialized to zeroes.
*/
public TPSBuffer(int len) {
@@ -124,6 +133,13 @@ public class TPSBuffer {
}
+ public void prepend(TPSBuffer prepend) {
+ if(prepend == null)
+ return;
+
+ byte [] preBytes = prepend.toBytesArray();
+ prependBytes(preBytes);
+ }
public void add(TPSBuffer addend) {
if (addend == null)
@@ -151,6 +167,17 @@ public class TPSBuffer {
addBytes(addBytes);
}
+ public void prependBytes(byte [] preBytes) {
+ if (preBytes == null)
+ return;
+
+ ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+ bytes.write(preBytes, 0, preBytes.length);
+ bytes.write(buf, 0, buf.length);
+
+ buf = bytes.toByteArray();
+ }
+
public void addBytes(byte[] addBytes) {
if (addBytes == null)
return;
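Review bot: `prependBytes` concatenates through a `ByteArrayOutputStream` and will throw a NullPointerException on `buf.length` if `buf` is ever null; whether the class allows that state is not visible here. A plain array copy is shorter and drops the intermediate stream: `byte[] merged = Arrays.copyOf(preBytes, preBytes.length + buf.length);` then `System.arraycopy(buf, 0, merged, preBytes.length, buf.length);` then `buf = merged;` (needs `java.util.Arrays` in scope). Given this buffer type is used for PIN data in the same commit, it is worth a comment that the superseded array is left for the GC unzeroed. The `addBytes` counterpart that follows continues outside the hunk.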
diff --git a/base/common/src/org/dogtagpki/tps/main/Util.java b/base/common/src/org/dogtagpki/tps/main/Util.java
index bef425215..8e6ffe614 100644
--- a/base/common/src/org/dogtagpki/tps/main/Util.java
+++ b/base/common/src/org/dogtagpki/tps/main/Util.java
@@ -52,6 +52,13 @@ public class Util {
return ret;
}
+ public static byte bool2Byte(boolean value) {
+ if (value)
+ return 0x1;
+ else
+ return 0x0;
+ }
+
public static int hexToBin(char ch) {
if ('0' <= ch && ch <= '9')
return ch - '0';
@@ -155,7 +162,6 @@ public class Util {
return Utils.SpecialEncode(data.toBytesArray());
}
-
public static TPSBuffer computeMAC(PK11SymKey symKey, TPSBuffer input, TPSBuffer icv) throws EBaseException {
TPSBuffer output = null;
TPSBuffer result = null;
diff --git a/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java b/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java
index e59f80fff..d776fe1cd 100644
--- a/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java
+++ b/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginRequestMsg.java
@@ -28,13 +28,16 @@ public class ExtendedLoginRequestMsg extends TPSMessage {
private Set<String> params;
- public ExtendedLoginRequestMsg(int invalid_pw, int blocked, Set<String> params, String title, String description) {
+ public ExtendedLoginRequestMsg(int invalid_pw, int blocked, Set<String> params, String title, String description)
+ throws UnsupportedEncodingException {
put(INVALID_PWD_NAME, invalid_pw);
put(BLOCKED_NAME, blocked);
put(MSG_TYPE_NAME, msgTypeToInt(MsgType.MSG_EXTENDED_LOGIN_REQUEST));
- put(TITLE_NAME, title);
- put (DESCRIPTION_NAME, description);
+
+ put(TITLE_NAME, Util.uriEncode(title));
+ put(DESCRIPTION_NAME, Util.uriEncode(description));
+
this.params = params;
}
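Review bot: Only `title` and `description` are run through `Util.uriEncode` while `invalid_pw`, `blocked` and the `params` set are stored as-is, so the class no longer makes clear which fields the client is expected to decode. A comment above the two encoded `put` calls, `// Free-text fields are percent-encoded; the serialized message is key/value delimited and the ESC side decodes them`, would fix the contract, hedged as appropriate since the serializer is not in view. The checked `UnsupportedEncodingException` now leaking from the constructor for what is presumably a fixed charset would be better absorbed inside `Util.uriEncode`, whose body is not shown.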
@@ -57,7 +60,7 @@ public class ExtendedLoginRequestMsg extends TPSMessage {
if (curParam != null && curParam.length() > 0) {
- String name = "&" + PARAMETER_NAME + Integer.toString(i++);
+ String name = /*"&" + */ REQUIRED_PARAMETER_NAME + Integer.toString(i++);
String value = curParam;
put(name, value);
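Review bot: The per-parameter `value` is stored unencoded while `title` and `description` now go through `Util.uriEncode`, so a parameter containing the message delimiter characters would break framing when the map is serialized (the delimiter is not visible here, but the removed `"&"` prefix suggests `&`-separated pairs). Apply the same treatment, `put(name, Util.uriEncode(value));`, and declare `throws UnsupportedEncodingException` on the enclosing method as the constructor now does. The commented-out `/*"&" + */` should be deleted rather than left as a reminder. The enclosing method begins and ends outside the hunk.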
@@ -72,7 +75,7 @@ public class ExtendedLoginRequestMsg extends TPSMessage {
}
- public static void main(String[] args) {
+ public static void main(String[] args) throws UnsupportedEncodingException {
final String title = "LDAP Authentication";
final String description = "This authenticates user against the LDAP directory.";
diff --git a/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginResponseMsg.java b/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginResponseMsg.java
index 173a775f4..b15e333b0 100644
--- a/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginResponseMsg.java
+++ b/base/common/src/org/dogtagpki/tps/msg/ExtendedLoginResponseMsg.java
@@ -37,7 +37,7 @@ public class ExtendedLoginResponseMsg extends TPSMessage {
put(OPERATION_TYPE_NAME, opTypeToInt(theOp));
put(MSG_TYPE_NAME, msgTypeToInt(MsgType.MSG_EXTENDED_LOGIN_RESPONSE));
authParams = theExtensions;
- put(SCREEN_NAME_NAME, uid);
+ put(UID_NAME, uid);
put(PASSWORD_NAME, password);
}
diff --git a/base/common/src/org/dogtagpki/tps/msg/LoginResponseMsg.java b/base/common/src/org/dogtagpki/tps/msg/LoginResponseMsg.java
index 71096d261..8c765ba65 100644
--- a/base/common/src/org/dogtagpki/tps/msg/LoginResponseMsg.java
+++ b/base/common/src/org/dogtagpki/tps/msg/LoginResponseMsg.java
@@ -23,7 +23,7 @@ public class LoginResponseMsg extends TPSMessage {
public LoginResponseMsg(String uid, String password ) {
put(MSG_TYPE_NAME, msgTypeToInt(MsgType.MSG_LOGIN_RESPONSE));
put(SCREEN_NAME_NAME,uid);
- put(PASSWORD_NAME, password);
+ put(PASSWORD_NAME_1, password);
}
}
diff --git a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
index 16fec1dd8..84e991e5a 100644
--- a/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
+++ b/base/common/src/org/dogtagpki/tps/msg/TPSMessage.java
@@ -67,7 +67,9 @@ public class TPSMessage {
public static final String INVALID_PWD_NAME = "invalid_pw";
public static final String BLOCKED_NAME = "blocked";
public static final String SCREEN_NAME_NAME = "screen_name";
- public static final String PASSWORD_NAME = "password";
+ public static final String UID_NAME = "UID";
+ public static final String PASSWORD_NAME = "PASSWORD";
+ public static final String PASSWORD_NAME_1 = "password";
public static final String PIN_REQUIRED_NAME = "pin_required";
public static final String TITLE_NAME = "title";
public static final String DESCRIPTION_NAME = "description";
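Review bot: `PASSWORD_NAME = "PASSWORD"` beside `PASSWORD_NAME_1 = "password"` differs only by a numeric suffix, and nothing records that these are two distinct wire keys, the upper-case one used by the extended-login exchange and the lower-case one by plain login, judging by the other hunks in this commit. Names that state the protocol would prevent the next caller picking the wrong one: `public static final String EXT_LOGIN_PASSWORD_NAME = "PASSWORD";` and `public static final String LOGIN_PASSWORD_NAME = "password";`, with `UID_NAME` treated the same way, plus a comment `// Wire keys differ by case between login and extended-login; both must match the ESC client.` The constant block and class continue outside the hunk.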
@@ -455,7 +457,7 @@ public class TPSMessage {
case MSG_EXTENDED_LOGIN_RESPONSE:
result =
new ExtendedLoginResponseMsg(op_val,
- get(SCREEN_NAME_NAME),
+ get(UID_NAME),
get(PASSWORD_NAME),
extsMap);
break;
@@ -464,11 +466,15 @@ public class TPSMessage {
case MSG_LOGIN_RESPONSE:
result =
new LoginResponseMsg(get(SCREEN_NAME_NAME),
- get(PASSWORD_NAME));
+ get(PASSWORD_NAME_1));
break;
case MSG_NEW_PIN_REQUEST:
break;
case MSG_NEW_PIN_RESPONSE:
+
+ String pin = get(TPSMessage.NEW_PIN_NAME);
+ CMS.debug("TPSMessage.createMessage: MSG_NEW_PIN_RESPONSE pin: " + pin);
+ result = new NewPinResponseMsg(pin);
break;
case MSG_SECUREID_REQUEST:
break;
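Review bot: The new `MSG_NEW_PIN_RESPONSE` branch writes the freshly chosen token PIN to the debug log in plaintext via `CMS.debug("... pin: " + pin)`, so any debug-level log on the TPS server captures every PIN it provisions. Log presence only: `CMS.debug("TPSMessage.createMessage: MSG_NEW_PIN_RESPONSE pin " + (pin == null ? "missing" : "present"));`. A null `pin` is also handed straight to `NewPinResponseMsg`; whether that constructor tolerates it is not visible here. The switch statement continues outside the hunk.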